Encryption is only half the story
An adversary can analyze the serial interface between a microcontroller and a Wi-Fi chip to learn network SSIDs and passkeys to gain access to the network. When encrypted, the interface is more complex to decipher, but it is still subject to man-in-the-middle exploits.
Silicon Labs offers an encrypted interface that uses Diffie-Hellman algorithm key exchanges on a per session, per device basis. The link is secured uniquely on a given device and keys are regenerated on each power cycle. Exploiting the link is therefore more complex as keys are frequently reset and non-transferrable. Additionally, keys must be mutually authenticated before activating secure communication. This critical step prevents communication with a non-trusted party. To reduce power consumption, developers also have the option to configure which communications over the serial interface are encrypted. Data that is already encrypted by the protocol (e.g., TLS data) can be sent without additional encryption while API and network data such as SSID and passkeys can be encrypted.
Our Product Security Incident Response Team (PSIRT) is responsible for ensuring the vulnerabilities discovered in our products are mitigated and communicated responsibly. If you detect a security threat, let us know.
Information on how to subscribe to security notices can be found here.